Example #1
0
 def generateChannels(self):
     if self.args["CHANNELS"] == "all" or self.args["CHANNELS"] == "":
         self.channels = range(100)
         io.info("Channels: 0-99")
     else:
         for i in utils.listArg(self.args["CHANNELS"]):
             if utils.isNumber(i):
                 self.channels.append(utils.integerArg(i))
             elif "-" in i and len(i.split("-")) == 2 and all(
                 [utils.isNumber(j) for j in i.split("-")]):
                 upChannel, downChannel = [int(j) for j in i.split("-")]
                 self.channels += range(upChannel, downChannel)
         io.info("Channels: " + ','.join([str(j) for j in self.channels]))
Example #2
0
    def run(self):

        self.receiver = self.getReceiver(interface=self.args["INTERFACE"])

        if self.checkCapabilities():
            if utils.isNumber(self.args["CHANNEL"]):
                self.receiver.setChannel(utils.integerArg(
                    self.args["CHANNEL"]))
            else:
                io.fail("You must provide a channel number !")
                return self.nok()

            if self.args["TARGET_PANID"] != "":
                self.targetPanID = utils.integerArg(self.args["TARGET_PANID"])
            else:
                self.targetPanID = None

            if self.args["TARGET"] != "" and self.args["TARGET"][2:].upper(
            ) != "FFFF" and self.args["TARGET"].upper(
            ) != "FF:FF:FF:FF:FF:FF:FF:FF":
                if utils.isNumber(self.args["TARGET"]):
                    self.target = utils.integerArg(self.args["TARGET"])
                else:
                    self.target = zigbee.convertAddress(self.args["TARGET"])
            else:
                self.target = None

            if self.args["PCAP_FILE"] != "":
                self.pcap = self.getEmitter(interface=self.args["PCAP_FILE"])
            else:
                self.pcap = None
            self.receiver.onEvent("*", callback=self.show)

            time = utils.integerArg(
                self.args['TIME']) if self.args["TIME"] != "" else None
            start = utils.now()
            while utils.now() - start <= time if time is not None else True:
                utils.wait(seconds=0.1)

            self.receiver.removeCallbacks()

            output = {
                "CHANNEL": self.args["CHANNEL"],
                "INTERFACE": self.args["INTERFACE"],
                "PCAP_FILE": self.args["PCAP_FILE"]
            }
            return self.ok(output)
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to sniff and inject frames.")
            return self.nok()
Example #3
0
    def run(self):

        self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
        if self.checkCapabilities():
            if utils.isNumber(self.args["CHANNEL"]):
                self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))
            else:
                io.fail("You must provide a channel number !")
                return self.nok()

            self.pcapReceiver = self.getReceiver(
                interface=self.args["PCAP_FILE"])
            io.info("Extracting packet stream from PCAP ...")
            stream = self.pcapReceiver.generateStream()
            io.success("Packet stream successfully extracted !")

            io.info("Injecting ...")
            self.emitter.sendp(*stream)
            for i in stream:
                i.show()
            while not self.emitter.isTransmitting():
                utils.wait(seconds=0.1)

            while self.emitter.isTransmitting():
                utils.wait(seconds=0.1)
            io.success("Injection done !")
            return self.ok()
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to inject frames.")
            return self.nok()
Example #4
0
    def masterPairingConfirm(self, pkt):
        pkt.show()
        self.mConfirm = pkt.confirm[::-1]

        self.sRand = ble.BLECrypto.generateRandom()
        io.success("Generating random : " + self.sRand.hex())

        if self.pairingMethod == "JustWorks":
            pinCode = 0
        else:
            if self.args["PIN"] != "" and utils.isNumber(self.args["PIN"]):
                pinCode = int(self.args["PIN"])
            else:
                pinCode = int(io.enterPinCode("Enter the 6 digit PIN code: "))

        self.tk = self.pinToTemporaryKey(pinCode)

        io.success("Generating Temporary Key : " + self.tk.hex())

        self.sConfirm = ble.BLECrypto.c1(self.tk, self.sRand[::-1], self.pReq,
                                         self.pRes, self.initiatorAddressType,
                                         self.initiatorAddress,
                                         self.responderAddressType,
                                         self.responderAddress)

        io.success("Generating SConfirm : " + self.sConfirm.hex())
        confirmPacket = ble.BLEPairingConfirm(confirm=self.sConfirm[::-1])
        confirmPacket.show()
        self.emitter.sendp(confirmPacket)
Example #5
0
    def run(self):

        self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
        if self.checkCapabilities():
            if not utils.isNumber(self.args["CHANNEL"]):
                io.fail("You must provide a channel number.")
                return self.nok()

            if self.args["TARGET"] == "":
                io.warning(
                    "No target provided, the attack is performed in broadcast."
                )
                self.target = "FF:FF:FF:FF:FF:FF"
            else:
                io.info("Target provided: " + str(self.args["TARGET"]))
                self.target = self.args["TARGET"].upper()

            if self.args["SOURCE"] == "":
                io.fail("You must provide a source address.")
                return self.nok()
            else:
                self.source = self.args["SOURCE"].upper()

            if utils.isNumber(self.args["REASON"]):
                self.reason = utils.integerArg(self.args["REASON"])
            else:
                io.fail("You must provide a reason number.")
                return self.nok()
            self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))

            # We forge the deauthentication and disassociation packet, while spoofing the client's MAC
            self.deauth_packet = wifi.WifiDeauth(destMac=self.target,
                                                 srcMac=self.source,
                                                 reason=self.reason)
            self.disas_packet = wifi.WifiDisas(destMac=self.target,
                                               srcMac=self.source,
                                               reason=self.reason)

            self.send_deauth()

            return self.ok()

        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to run in monitor mode.")
            return self.nok()
Example #6
0
 def channel(self, newChannel=""):
     if newChannel == "":
         io.info("Current channel: " + str(self.emitter.getChannel()))
     else:
         if utils.isNumber(newChannel) and int(newChannel) >= 0 and int(
                 newChannel) <= 99:
             self.emitter.setChannel(int(newChannel))
             self.currentChannel = int(newChannel)
             self.updatePrompt(self.target)
         else:
             io.fail("You must provide a channel number between 0 and 99.")
Example #7
0
	def run(self):

		self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
		self.receiver = self.getReceiver(interface=self.args["INTERFACE"])

		if self.checkInjectingCapabilities():
			self.pcapReceiver = self.getReceiver(interface=self.args["PCAP_FILE"])

			self.target = "FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"])

			if self.target == "FF:FF:FF:FF:FF" and not self.checkPassiveScanningCapabilities():
				io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to scan in promiscuous mode, you have to provide a specific target.")
				return self.nok()

			if self.target != "FF:FF:FF:FF:FF" and self.args["CHANNEL"].lower() == "auto" and not self.checkActiveScanningCapabilities():
				io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to perform an active scan.")
				return self.nok()

			if self.target == "FF:FF:FF:FF:FF":
				io.info("Promiscuous mode enabled ! Every frame contained in the file indicated in PCAP_FILE will be transmitted.")
				self.emitter.enterPromiscuousMode()
			else:
				io.info("Sniffing mode enabled !")
				self.emitter.enterSnifferMode(address=self.target)


			if utils.isNumber(self.args["CHANNEL"]):
				self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))
			elif self.args["CHANNEL"].lower() == "auto":
				self.searchChannel()
			else:
				io.fail("A channel must be provided in order to perform an injection.")
				return self.nok()

			

			io.info("Extracting packet stream from PCAP ...")
			stream = self.pcapReceiver.generateStream()
			io.success("Packet stream successfully extracted !")

			io.info("Injecting ...")
			self.emitter.sendp(*stream)

			while not self.emitter.isTransmitting():
				utils.wait(seconds=0.1)

			while self.emitter.isTransmitting():
				utils.wait(seconds=0.1)
			io.success("Injection done !")
			return self.ok()
		else:
			io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to inject.")
			return self.nok()
Example #8
0
	def switch(self,target:"!method:_autocompleteConnections"):
		if utils.isNumber(target):
			if int(target) > 0 and int(target) < len(self.emitter.getConnections())+1:
				address = self.emitter.getConnections()[int(target)-1]["address"]
			else:
				address = self.emitter.getAddressByHandle(int(target))
		else:
			address = target
		if self.emitter.switchConnection(address):
			io.success("Switching to connection <"+address+">")
			self.updatePrompt(address)
		else:
			io.fail("Unknown connection !")
Example #9
0
	def channel(self,newChannel=""):
		if newChannel == "":
			io.info("Current channel: "+str(self.emitter.getChannel()))
		else:

			if self.followThread is not None:
				io.fail("You can't manually set a channel in follow PRX mode.")
			else:
				if utils.isNumber(newChannel) and int(newChannel) >= 0 and int(newChannel) <= 99:
					self.emitter.setChannel(int(newChannel))
					self.currentChannel = int(newChannel)
					self.updatePrompt(self.target)
				else:
					io.fail("You must provide a channel number between 0 and 99.")
Example #10
0
	def find_prx(self,channels="0-99"):
		if self.checkActiveScanningCapabilities():
			if self.target is None:
				io.fail("You must select a target before performing this action.")
			else:
				listOfChannels = []
				for i in channels.split(","):
					if utils.isNumber(i):
						listOfChannels.append(int(i))
					elif "-" in i and len(i.split("-")) == 2 and all([utils.isNumber(j) for j in i.split("-")]):
						downChannel,upChannel = [int(j) for j in i.split("-")]
						listOfChannels += range(downChannel,upChannel+1)

				if all([(channel >= 0 and channel <= 99) for channel in listOfChannels]):
					if self.emitter.scan(listOfChannels):
						io.success("ACK received from PRX on channel #"+str(self.emitter.getChannel()))
						self.currentChannel = self.emitter.getChannel()
						self.updatePrompt(self.target)
					else:
						io.fail("PRX not found")
				else:
					io.fail("You must only provide channels between 0 and 99.")
		else:
			io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to perform an active scan.")
Example #11
0
    def jamAdvertisements(self):
        if self.checkAdvertisementsJammingCapabilities():
            channel = utils.integerArg(self.args["CHANNEL"])
            if self.args["TARGET"] != "":
                target = utils.addressArg(self.args["TARGET"])
                pattern = bytes.fromhex(target.replace(":", ""))[::-1]
                offset = 2
            elif (utils.isNumber(self.args["OFFSET"])
                  and utils.isHexadecimal(self.args["PATTERN"])
                  and self.args["OFFSET"] != ""
                  and self.args["PATTERN"] != ""):
                pattern = bytes.fromhex(self.args["PATTERN"])
                offset = utils.integerArg(self.args["OFFSET"])
            else:
                io.fail(
                    "You must provide a dewhitened pattern and an offset, or a target to jam."
                )
                return self.nok()

            if len(self.emitters) == 1:
                self.emitters[0].jamAdvertisements(pattern=pattern,
                                                   offset=offset,
                                                   channel=channel)
            if len(self.emitters) == 2:
                self.emitters[0].jamAdvertisements(pattern=pattern,
                                                   offset=offset,
                                                   channel=channel)
                self.emitters[1].jamAdvertisements(
                    pattern=pattern,
                    offset=offset,
                    channel=(channel + 1 if channel < 39 else 37))
            if len(self.emitters) == 3:
                self.emitters[0].jamAdvertisements(pattern=pattern,
                                                   offset=offset,
                                                   channel=37)
                self.emitters[1].jamAdvertisements(pattern=pattern,
                                                   offset=offset,
                                                   channel=38)
                self.emitters[2].jamAdvertisements(pattern=pattern,
                                                   offset=offset,
                                                   channel=39)

            while True:
                utils.wait(seconds=0.01)

        else:
            io.fail("Interfaces provided are not able to jam advertisements.")
            return self.nok()
Example #12
0
 def parseFilterType(self):
     filterType = self.args["FILTER"]
     if filterType == "":
         return None
     if utils.isNumber(filterType):
         return ble.UUID(UUID16=int(filterType)).data
     elif utils.isHexadecimal(filterType) and len(filterType) <= 6:
         return ble.UUID(UUID16=int(filterType, 16)).data
     elif utils.isHexadecimal(filterType) and len(filterType) > 6:
         uuid = ble.UUID(UUID128=bytes.fromhex(filterType)).data
         if uuid is None:
             return bytes.fromhex(filterType)
         else:
             return uuid
     else:
         return ble.UUID(name=filterType).data
Example #13
0
    def slavePairingResponse(self, pkt):

        self.initiatorAddress = self.emitter.getAddress()
        self.initiatorAddressType = b"\x00" if self.emitter.getAddressMode(
        ) == "public" else b"\x01"
        self.responderAddress = self.emitter.getCurrentConnection()
        self.responderAddressType = b"\x00" if self.emitter.getCurrentConnectionMode(
        ) == "public" else b"\x01"

        pkt.show()
        self.pairingResponse = pkt
        self.pRes = self.pairingResponse.payload[::-1]

        self.responderAuthReq = ble.AuthReqFlag(
            data=bytes([pkt.authentication]))
        self.responderInputOutputCapability = ble.InputOutputCapability(
            data=bytes([pkt.inputOutputCapability]))
        self.responderKeyDistribution = ble.KeyDistributionFlag(
            data=bytes([pkt.responderKeyDistribution]))
        pairingMethod = self.pairingMethodSelection()
        io.success("Pairing Method selected : " + self.pairingMethod)

        self.mRand = ble.BLECrypto.generateRandom()
        io.success("Generating random : " + self.mRand.hex())

        if pairingMethod == "JustWorks":
            pinCode = 0
        else:
            if self.args["PIN"] != "" and utils.isNumber(self.args["PIN"]):
                pinCode = int(self.args["PIN"])
            else:
                pinCode = int(io.enterPinCode("Enter the 6 digit PIN code: "))

        self.tk = self.pinToTemporaryKey(pinCode)
        io.success("Generating Temporary Key : " + self.tk.hex())

        self.mConfirm = ble.BLECrypto.c1(self.tk, self.mRand[::-1], self.pReq,
                                         self.pRes, self.initiatorAddressType,
                                         self.initiatorAddress,
                                         self.responderAddressType,
                                         self.responderAddress)
        io.success("Generating MConfirm : " + self.mConfirm.hex())
        confirmPacket = ble.BLEPairingConfirm(confirm=self.mConfirm[::-1])
        confirmPacket.show()
        self.emitter.sendp(confirmPacket)
Example #14
0
	def run(self):
		self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
		if self.checkCapabilities():
			frequency = self.receiver.getFrequency()
			if frequency != utils.integerArg(self.args["FREQUENCY"]):
				self.receiver.setFrequency(utils.integerArg(self.args["FREQUENCY"]))
			self.count = utils.integerArg(self.args["NUMBER"]) if utils.isNumber(self.args["NUMBER"]) else 1

			self.receiver.onEvent("*",callback=self.show)
			self.receiver.waitData()
			while self.count > 0:
				utils.wait(seconds=0.5)

			output = self.generateOutput()	
			return self.ok(output)
		else:
			io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to sniff IR signals.")			
			return self.nok()
Example #15
0
    def monitoring(self):
        self.receiver.onEvent("*", callback=self.onPacket)
        try:
            if self.args["TIME"] == "":
                while True:
                    utils.wait(seconds=0.00001)

            elif utils.isNumber(self.args["TIME"]):
                time = utils.integerArg(self.args["TIME"])
                start = utils.now()
                while utils.now() - start < time:
                    utils.wait(seconds=0.0000001)

            else:
                io.fail("You have provided a wrong TIME value.")
                return self.nok()
        except KeyboardInterrupt:
            pass
Example #16
0
	def __init__(self,handle=None,value=None,type=None, permissions=None):
		self.handle = handle
		self.value = value
		
		if isinstance(type,int):
			self.type = UUID(UUID16=type)
		elif isinstance(type,bytes):
			self.type = UUID(data=type)
		elif utils.isHexadecimal(type) and len(type)<=6:
			self.type = UUID(UUID16=int(type, 16))
		elif utils.isHexadecimal(type) and len(type)>6:
			self.type = UUID(UUID128=bytes.fromhex(type))
		else:
			self.type = UUID(name=type)


		if isinstance(permissions,str) and utils.isNumber(permissions):
			self.permissions = PermissionsFlag(data=struct.pack('B',permissions))
		elif isinstance(permissions,bytes):
			self.permissions = PermissionsFlag(data=permissions)
		else:
			self.permissions = PermissionsFlag(permissions=permissions)